N/A
2026-01-21< 1.6.0
LA-Studio Element Kit for Elementor <= 1.5.6.3 - Unauthenticated Privilege Escalation via Backdoor to Administrative User Creation via lakit_bkrole parameter
LA-Studio Element Kit for Elementor
Minimum safe version
1.6.0
Update to 1.6.0 or later to address 18 fixable vulnerabilities
Latest available1.6.0 ✓
Medium 4.3
2026-02-03< 1.5.6.3
CVE-2026-24947
Medium 6.4
2025-09-06< 1.5.5.2
LA-Studio Element Kit for Elementor <= 1.5.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
Medium 6.4
2025-05-30< 1.5.3
LA-Studio Element Kit for Elementor <= 1.5.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via data-lakit-element-link Parameter
Medium 6.4
2025-05-30< 1.5.3
LA-Studio Element Kit for Elementor <= 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Compare and Google Maps Widgets
Medium 6.4
2025-04-18< 1.5.0
LA-Studio Element Kit for Elementor <= 1.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Table of Contents Widget
Medium 6.5
2025-04-04< 1.5.2
CVE-2025-32194
Medium 4.3
2024-12-04< 1.4.5
CVE-2024-10787
High 8.8
2024-11-23< 1.4.3
CVE-2024-10873
Medium 6.5
2024-10-05< 1.3.9.7
CVE-2024-47628
Medium 6.5
2024-08-12< 1.3.9.3
CVE-2024-43210
High 8.8
2024-07-02< 1.3.9
CVE-2024-37479
High 8.8
2024-07-02< 1.3.9
CVE-2024-5349
High 8.8
2024-06-10< 1.3.7.4
CVE-2024-35725
Medium 6.4
2024-05-23< 1.3.8
CVE-2024-4431
Medium 6.4
2024-05-03< 1.3.7.6
WordPress LA-Studio Element Kit for Elementor Plugin <= 1.3.7.5 is vulnerable to Cross Site Scripting (XSS)
Medium 5.4
2024-03-14< 1.3.7.5
CVE-2024-2249
Medium 6.5
2024-12-26< 1.1.6
WordPress LA-Studio Element Kit for Elementor Plugin <= 1.1.5 is vulnerable to Broken Access Control